#!/usr/bin/env python
# -*- coding:utf-8 -*-
"""
@File   : test12_security_and_network_p1.py
@Time : 2025/3/11 11:15
@Author: Wangwc
@Describe:  ……
"""
import time
import os
import allure
import pytest
import random
import warnings

warnings.filterwarnings("ignore", category=DeprecationWarning)
from urllib3.exceptions import InsecureRequestWarning

warnings.simplefilter('ignore', category=InsecureRequestWarning)

from utils.network_tools import Network
from business.NetworkApi import NetworkApi
from utils.login import Login
from commons.logger import log
from utils.config_tools import Config
from commons.fake_data import Fake
from config.path import CERTS_DIR


# TODO 当前模块的配置文件名称，配置在config目录下
config_name = "user.ini"
login = Login(config_name=config_name)
config = Config(config_name=config_name)

global_token = None

@pytest.fixture(scope="function")
def network_api():
    global global_token
    if global_token is None:
        login.http_request.update_base_url()
        global_token = login.login()
    api = NetworkApi(global_token, configname=config_name)
    # 动态更新 base_url
    api.http.update_base_url()
    return api


def handle_api_call(api_method, *args, attach_to_allure=True, format_result=None, **kwargs):
    if not callable(api_method):
        raise TypeError("api_method 参数必须是可调用对象（如函数或方法）")
    if attach_to_allure is not None and not isinstance(attach_to_allure, bool):
        raise TypeError("attach_to_allure 参数必须是布尔类型或者为 None")
    if format_result is not None and not callable(format_result):
        raise TypeError("format_result 参数必须是可调用对象（如函数）或者为 None")

    max_retries = 3
    for retry in range(max_retries):
        try:
            result = api_method(*args, **kwargs)
            if attach_to_allure:
                if format_result:
                    formatted_result = format_result(result)
                else:
                    formatted_result = str(result)
                allure.attach(formatted_result, f"{api_method.__name__} 调用结果", allure.attachment_type.TEXT)
            log.info(f"{api_method.__name__} 调用成功")
            return result
        except Exception as e:
            allure.attach(str(e), f"{api_method.__name__} 调用错误信息", allure.attachment_type.TEXT)
            log.error(f"{api_method.__name__} 调用出现错误: {e}", exc_info=True)
            # 假设根据错误信息判断 token 过期
            if "token 过期" in str(e) and retry < max_retries - 1:
                global global_token
                global_token = login.login()
                api_method.__self__.token = global_token
                continue
            elif isinstance(e, ConnectionError):
                log.error("连接错误，可能是网络问题，请检查网络连接。")
            elif isinstance(e, ValueError):
                log.error("值错误，可能是传入的参数有误，请检查参数。")
            raise

host = config.read_config_ini('envHost','hostname')
username = config.read_config_ini('user','user_name')
passwd = config.read_config_ini('user','user_pwd')

@allure.feature("控制面板-网络&安全-P1级用例")
class TestSystemNetwork():
    @allure.title("获取证书对应服务的列表")
    def test_get_security_ssl_cert_lsit(self, network_api):
        with allure.step("获取证书对应服务的列表"):
            results = handle_api_call(network_api.get_ssl_settings)
            webdav_cert = results.get('webdav')
            webserver_cert = results.get('webserver')
            assert 'UGREEN' == webdav_cert[0] or 'UGREEN' == webserver_cert[0]

    @allure.title("获取证书对应服务的列表")
    def test_set_security_ssl_cert(self, network_api):
        with allure.step("获取证书对应服务的列表"):
            results = handle_api_call(network_api.get_ssl_settings)
            uglink = results.get('UGREENlink')[0]

        with allure.step("设置证书"):
            handle_api_call(network_api.set_ssl_settings, uglink)

        with allure.step("获取新的证书对应服务的列表"):
            new_results = handle_api_call(network_api.get_ssl_settings)
            assert uglink == new_results.get('UGREENlink')[0]

    @allure.title("防火墙功能-规则都不符合时拒绝访问-允许所有网口的所有端口")
    def test_firewall_rule1(self, network_api):
        with allure.step("设置防火墙规则"):
            handle_api_call(network_api.del_all_firewall_rule)
            request_data = {}
            name = Fake.fake_name()
            name_list = [{"id": 1, "name": f"防火墙配置{name}", "enable": 1}]
            default = 0
            port_info = {"type":"all","protocol":"","target":"","ports":"","internal_servers":[],"sections":[]}
            host_info = {"type":"all","src_ip":""}
            request_data.update({"name":f"防火墙配置{name}","default":default,"port_info":port_info,"host_info":host_info})
            handle_api_call(network_api.add_firewall_rule, **request_data)
            handle_api_call(network_api.set_firewall,nameList=name_list)

        with allure.step("验证web服务可以访问"):
            web_result = handle_api_call(network_api.check_http,host,username)
            assert web_result[0] == True, "web服务无法访问"

        with allure.step("验证SSH可以访问"):
            ssh_result = handle_api_call(network_api.check_ssh_login,host,username,passwd)
            assert ssh_result[0] == True, "SSH服务无法访问"

        with allure.step("删除防火墙规则"):
            handle_api_call(network_api.del_firewall_rule, name_list)

    @allure.title("防火墙功能-规则都不符合时拒绝访问-允许所有网口的SSH+UGOS端口")
    def test_firewall_rule2(self, network_api):
        with allure.step("获取设置防火墙规则的参数"):
            ssh_info = handle_api_call(network_api.application_info_by_service_name,'SSH')
            ugos_info = handle_api_call(network_api.application_info_by_service_name,'UGOS Pro')
            internal_servers = [ssh_info.get('name'),ugos_info.get('name')]
            sections = [ssh_info.get('section'),ugos_info.get('section')]
            ports = ",".join([ssh_info.get('ports'), ugos_info.get('ports')])

        with allure.step("设置防火墙规则"):
            request_data = {}
            name = Fake.fake_name()
            name_list = [{"id": 1, "name": f"防火墙配置{name}", "enable": 1}]
            default = 0
            port_info = {"type": "sys", "protocol": "", "target": "", "ports": "", "internal_servers": [],
                         "sections": []}
            host_info = {"type": "all", "src_ip": ""}
            port_info.update({"ports": ports, "internal_servers": internal_servers, "sections": sections})
            request_data.update({"name": f"防火墙配置{name}", "default": default, "port_info": port_info, "host_info": host_info})
            handle_api_call(network_api.get_firewall_application,sections=sections)
            handle_api_call(network_api.add_firewall_rule, **request_data)
            handle_api_call(network_api.set_firewall,nameList=name_list)

        with allure.step("验证web服务可以访问"):
            web_result = handle_api_call(network_api.check_http, host, username)
            assert web_result[0] == True, "web服务无法访问"

        with allure.step("验证SSH可以访问"):
            ssh_result = handle_api_call(network_api.check_ssh_login, host, username, passwd)
            assert ssh_result[0] == True, "SSH服务无法访问"

        with allure.step("验证SMB不可以访问"):
            smb_result = handle_api_call(network_api.check_smb_login, host, username, passwd)
            assert smb_result[0] == False, "SMB服务可以访问"

        with allure.step("删除防火墙规则"):
            handle_api_call(network_api.del_firewall_rule, name_list)

    @allure.title("防火墙功能-规则都不符合时拒绝访问-允许所有网口的SMB+UGOS端口")
    def test_firewall_rule3(self, network_api):
        with allure.step("获取设置防火墙规则的参数"):
            smb_info = handle_api_call(network_api.application_info_by_service_name, 'SMB')
            ugos_info = handle_api_call(network_api.application_info_by_service_name, 'UGOS Pro')
            internal_servers = [smb_info.get('name'), ugos_info.get('name')]
            sections = [smb_info.get('section'), ugos_info.get('section')]
            ports = ",".join([smb_info.get('ports'), ugos_info.get('ports')])

        with allure.step("设置防火墙规则"):
            request_data = {}
            name = Fake.fake_name()
            name_list = [{"id": 1, "name": f"防火墙配置{name}", "enable": 1}]
            default = 0
            port_info = {"type": "sys", "protocol": "", "target": "", "ports": "", "internal_servers": [],
                         "sections": []}
            host_info = {"type": "all", "src_ip": ""}
            port_info.update({"ports": ports, "internal_servers": internal_servers, "sections": sections})
            request_data.update({"name": f"防火墙配置{name}", "default": default, "port_info": port_info, "host_info": host_info})
            handle_api_call(network_api.get_firewall_application, sections=sections)
            handle_api_call(network_api.add_firewall_rule, **request_data)
            handle_api_call(network_api.set_firewall,nameList=name_list)

        with allure.step("验证web服务可以访问"):
            web_result = handle_api_call(network_api.check_http, host, username)
            assert web_result[0] == True, "web服务无法访问"

        with allure.step("验证SMB可以访问"):
            smb_result = handle_api_call(network_api.check_smb_login, host, username, passwd)
            assert smb_result[0] == True, "SMB服务无法访问"

        with allure.step("验证SSH不可以访问"):
            ssh_result = handle_api_call(network_api.check_ssh_login, host, username, passwd)
            assert ssh_result[0] == False, "SSH服务可以访问"

        with allure.step("删除防火墙规则"):
            handle_api_call(network_api.del_firewall_rule, name_list)

    @allure.title("防火墙功能-规则都不符合时拒绝访问-允许所有网口的Telnet+UGOS端口")
    def test_firewall_ruler4(self, network_api):
        with allure.step("获取设置防火墙规则的参数"):
            Telnet_info = handle_api_call(network_api.application_info_by_service_name, 'Telnet')
            ugos_info = handle_api_call(network_api.application_info_by_service_name, 'UGOS Pro')
            internal_servers = [Telnet_info.get('name'), ugos_info.get('name')]
            sections = [Telnet_info.get('section'), ugos_info.get('section')]
            ports = ",".join([Telnet_info.get('ports'), ugos_info.get('ports')])

        with allure.step("设置防火墙规则"):
            request_data = {}
            name = Fake.fake_name()
            name_list = [{"id": 1, "name": f"防火墙配置{name}", "enable": 1}]
            default = 0
            port_info = {"type": "sys", "protocol": "", "target": "", "ports": "", "internal_servers": [],
                         "sections": []}
            host_info = {"type": "all", "src_ip": ""}
            port_info.update({"ports": ports, "internal_servers": internal_servers, "sections": sections})
            request_data.update({"name": f"防火墙配置{name}", "default": default, "port_info": port_info, "host_info": host_info})
            handle_api_call(network_api.add_firewall_rule, **request_data)
            handle_api_call(network_api.set_firewall,nameList=name_list)

        with allure.step("验证web服务可以访问"):
            web_result = handle_api_call(network_api.check_http, host, username)
            assert web_result[0] == True, "web服务无法访问"

        with allure.step("验证Telnet可以访问"):
            Telnet_result = handle_api_call(network_api.check_telnet_login, host,port=Telnet_info.get('ports'))
            assert Telnet_result[0] == True, "Telnet服务无法访问"

        with allure.step("验证SSH不可以访问"):
            ssh_result = handle_api_call(network_api.check_ssh_login, host, username, passwd)
            assert ssh_result[0] == False, "SSH服务可以访问"

        with allure.step("删除防火墙规则"):
            handle_api_call(network_api.del_firewall_rule, name_list)

    @allure.title("防火墙功能-规则都不符合时拒绝访问-允许所有网口的FTP+UGOS端口")
    def test_firewall_ruler5(self, network_api):
        with allure.step("获取设置防火墙规则的参数"):
            FTP_info = handle_api_call(network_api.application_info_by_service_name, 'FTP')
            ugos_info = handle_api_call(network_api.application_info_by_service_name, 'UGOS Pro')
            internal_servers = [FTP_info.get('name'), ugos_info.get('name')]
            sections = [FTP_info.get('section'), ugos_info.get('section')]
            ports = ",".join([FTP_info.get('ports'), ugos_info.get('ports')])

        with allure.step("设置防火墙规则"):
            request_data = {}
            name = Fake.fake_name()
            name_list = [{"id": 1, "name": f"防火墙配置{name}", "enable": 1}]
            default = 0
            port_info = {"type": "sys", "protocol": "", "target": "", "ports": "", "internal_servers": [],
                         "sections": []}
            host_info = {"type": "all", "src_ip": ""}
            port_info.update({"ports": ports, "internal_servers": internal_servers, "sections": sections})
            request_data.update({"name": f"防火墙配置{name}", "default": default, "port_info": port_info, "host_info": host_info})
            handle_api_call(network_api.add_firewall_rule, **request_data)
            handle_api_call(network_api.set_firewall,nameList=name_list)

        with allure.step("验证web服务可以访问"):
            web_result = handle_api_call(network_api.check_http, host, username)
            assert web_result[0] == True, "web服务无法访问"

        with allure.step("验证Telnet可以访问"):
            port = int(FTP_info.get('ports').split(',')[0])
            FTP_result = handle_api_call(network_api.check_ftp_login, host, username=username, password=passwd,port=port)
            assert FTP_result[0] == True, "FTP服务无法访问"

        with allure.step("验证SSH不可以访问"):
            ssh_result = handle_api_call(network_api.check_ssh_login, host, username, passwd)
            assert ssh_result[0] == False, "SSH服务可以访问"

        with allure.step("删除防火墙规则"):
            handle_api_call(network_api.del_firewall_rule, name_list)

    @allure.title("防火墙功能-规则都不符合时拒绝访问-允许所有网口的WebDAV+UGOS端口")
    def test_firewall_ruler6(self, network_api):
        with allure.step("获取设置防火墙规则的参数"):
            WebDAV_info = handle_api_call(network_api.application_info_by_service_name, 'WebDAV')
            ugos_info = handle_api_call(network_api.application_info_by_service_name, 'UGOS Pro')
            internal_servers = [WebDAV_info.get('name'), ugos_info.get('name')]
            sections = [WebDAV_info.get('section'), ugos_info.get('section')]
            ports = ",".join([WebDAV_info.get('ports'), ugos_info.get('ports')])

        with allure.step("设置防火墙规则"):
            request_data = {}
            name = Fake.fake_name()
            name_list = [{"id": 1, "name": f"防火墙配置{name}", "enable": 1}]
            default = 0
            port_info = {"type": "sys", "protocol": "", "target": "", "ports": "", "internal_servers": [],
                         "sections": []}
            host_info = {"type": "all", "src_ip": ""}
            port_info.update({"ports": ports, "internal_servers": internal_servers, "sections": sections})
            request_data.update({"name": f"防火墙配置{name}", "default": default, "port_info": port_info, "host_info": host_info})
            handle_api_call(network_api.add_firewall_rule, **request_data)
            handle_api_call(network_api.set_firewall,nameList=name_list)

        with allure.step("验证web服务可以访问"):
            web_result = handle_api_call(network_api.check_http, host, username)
            assert web_result[0] == True, "web服务无法访问"

        with allure.step("验证WebDAV可以访问"):
            port = WebDAV_info.get('ports').split(',')[0]
            WebDAV_result = handle_api_call(network_api.check_webdav_access, host, username=username, password=passwd,port=port)
            assert WebDAV_result[0] == True, "webdav服务无法访问"

        with allure.step("验证SSH不可以访问"):
            ssh_result = handle_api_call(network_api.check_ssh_login, host, username, passwd)
            assert ssh_result[0] == False, "SSH服务可以访问"

        with allure.step("删除防火墙规则"):
            handle_api_call(network_api.del_firewall_rule, name_list)

    @allure.title("防火墙功能-规则都不符合时拒绝访问-允许所有网口的rsync+UGOS端口")
    def test_firewall_ruler7(self, network_api):
        with allure.step("获取设置防火墙规则的参数"):
            rsync_info = handle_api_call(network_api.application_info_by_service_name, 'rsync')
            ugos_info = handle_api_call(network_api.application_info_by_service_name, 'UGOS Pro')
            internal_servers = [rsync_info.get('name'), ugos_info.get('name')]
            sections = [rsync_info.get('section'), ugos_info.get('section')]
            ports = ",".join([rsync_info.get('ports'), ugos_info.get('ports')])

        with allure.step("设置防火墙规则"):
            request_data = {}
            name = Fake.fake_name()
            name_list = [{"id": 1, "name": f"防火墙配置{name}", "enable": 1}]
            default = 0
            port_info = {"type": "sys", "protocol": "", "target": "", "ports": "", "internal_servers": [],
                         "sections": []}
            host_info = {"type": "all", "src_ip": ""}
            port_info.update({"ports": ports, "internal_servers": internal_servers, "sections": sections})
            request_data.update(
                {"name": f"防火墙配置{name}", "default": default, "port_info": port_info, "host_info": host_info})
            handle_api_call(network_api.add_firewall_rule, **request_data)
            handle_api_call(network_api.set_firewall, nameList=name_list)

        with allure.step("验证web服务可以访问"):
            web_result = handle_api_call(network_api.check_http, host, username)
            assert web_result[0] == True, "web服务无法访问"

        with allure.step("验证WebDAV可以访问"):
            port = rsync_info.get('ports')
            rsync_result = handle_api_call(network_api.check_rsync_access, host, username=username, password=passwd,
                                            port=port)
            assert rsync_result[0] == True, "rsync服务无法访问"

        with allure.step("验证SSH不可以访问"):
            ssh_result = handle_api_call(network_api.check_ssh_login, host, username, passwd)
            assert ssh_result[0] == False, "SSH服务可以访问"

        with allure.step("删除防火墙规则"):
            handle_api_call(network_api.del_firewall_rule, name_list)

    # @pytest.mark.skip("未开启防护墙状态下也无法访问")
    # @allure.title("防火墙功能-规则都不符合时拒绝访问-允许所有网口的wsdd2+UGOS端口")
    # def test_firewall_ruler8(self, network_api):
    #     with allure.step("获取设置防火墙规则的参数"):
    #         wsdd2_info = handle_api_call(network_api.application_info_by_service_name, 'wsdd2')
    #         ugos_info = handle_api_call(network_api.application_info_by_service_name, 'UGOS Pro')
    #         internal_servers = [wsdd2_info.get('name'), ugos_info.get('name')]
    #         sections = [wsdd2_info.get('section'), ugos_info.get('section')]
    #         ports = ",".join([wsdd2_info.get('ports'), ugos_info.get('ports')])
    #
    #     with allure.step("设置防火墙规则"):
    #         request_data = {}
    #         name = Fake.fake_name()
    #         name_list = [{"id": 1, "name": f"防火墙配置{name}", "enable": 1}]
    #         default = 0
    #         port_info = {"type": "sys", "protocol": "", "target": "", "ports": "", "internal_servers": [],
    #                      "sections": []}
    #         host_info = {"type": "all", "src_ip": ""}
    #         port_info.update({"ports": ports, "internal_servers": internal_servers, "sections": sections})
    #         request_data.update(
    #             {"name": f"防火墙配置{name}", "default": default, "port_info": port_info, "host_info": host_info})
    #         handle_api_call(network_api.add_firewall_rule, **request_data)
    #         handle_api_call(network_api.set_firewall, nameList=name_list)
    #
    #     with allure.step("验证web服务可以访问"):
    #         web_result = handle_api_call(network_api.check_http, host, username)
    #         assert web_result[0] == True, "web服务无法访问"
    #
    #     with allure.step("验证WebDAV可以访问"):
    #         port = int(wsdd2_info.get('ports').split(",")[0])
    #         wsdd2_result = handle_api_call(network_api.check_wsdd2_access, host)
    #         assert wsdd2_result[0] == True, "wsdd2服务无法访问"
    #
    #     with allure.step("验证SSH不可以访问"):
    #         ssh_result = handle_api_call(network_api.check_ssh_login, host, username, passwd)
    #         assert ssh_result[0] == False, "SSH服务可以访问"
    #
    #     with allure.step("删除防火墙规则"):
    #         handle_api_call(network_api.del_firewall_rule, name_list)
    #
    # @pytest.mark.skip("待确认")
    # @allure.title("防火墙功能-规则都不符合时拒绝访问-允许网口1的所有端口")
    # def test_firewall_rule9(self, network_api):
    #     with allure.step("设置防火墙规则"):
    #         handle_api_call(network_api.del_all_firewall_rule)
    #         request_data = {}
    #         name = Fake.fake_name()
    #         name_list = [{"id": 1, "name": f"防火墙配置{name}", "enable": 1}]
    #         default = 0
    #         port_info = {"type": "all", "protocol": "", "target": "", "ports": "", "internal_servers": [],
    #                      "sections": []}
    #         host_info = {"type": "all", "src_ip": ""}
    #         request_data.update(
    #             {"name": f"防火墙配置{name}", "default": default, "port_info": port_info, "host_info": host_info,"interface":"eth0","label":'LAN1'})
    #         handle_api_call(network_api.add_firewall_rule, **request_data)
    #         handle_api_call(network_api.set_firewall, nameList=name_list)
    #
    #     with allure.step("验证web服务可以访问"):
    #         web_result = handle_api_call(network_api.check_http, host, username)
    #         assert web_result[0] == True, "web服务无法访问"
    #
    #     with allure.step("验证SSH可以访问"):
    #         ssh_result = handle_api_call(network_api.check_ssh_login, host, username, passwd)
    #         assert ssh_result[0] == True, "SSH服务无法访问"
    #
    #     with allure.step("删除防火墙规则"):
    #         handle_api_call(network_api.del_firewall_rule, name_list)
    #
    # @pytest.mark.skip("待确认")
    # @allure.title("防火墙功能-规则都不符合时拒绝访问-允许网口1的SSH+UGOS端口")
    # def test_firewall_rule10(self, network_api):
    #     with allure.step("获取设置防火墙规则的参数"):
    #         ssh_info = handle_api_call(network_api.application_info_by_service_name, 'SSH')
    #         ugos_info = handle_api_call(network_api.application_info_by_service_name, 'UGOS Pro')
    #         internal_servers = [ssh_info.get('name'), ugos_info.get('name')]
    #         sections = [ssh_info.get('section'), ugos_info.get('section')]
    #         ports = ",".join([ssh_info.get('ports'), ugos_info.get('ports')])
    #
    #     with allure.step("设置防火墙规则"):
    #         request_data = {}
    #         name = Fake.fake_name()
    #         name_list = [{"id": 1, "name": f"防火墙配置{name}", "enable": 1}]
    #         default = 0
    #         port_info = {"type": "sys", "protocol": "", "target": "", "ports": "", "internal_servers": [],
    #                      "sections": []}
    #         host_info = {"type": "all", "src_ip": ""}
    #         port_info.update({"ports": ports, "internal_servers": internal_servers, "sections": sections})
    #         request_data.update(
    #             {"name": f"防火墙配置{name}", "default": default, "port_info": port_info, "host_info": host_info,
    #              "interface": "eth0", "label": 'LAN1'})
    #         handle_api_call(network_api.get_firewall_application, sections=sections)
    #         handle_api_call(network_api.add_firewall_rule, **request_data)
    #         handle_api_call(network_api.set_firewall, nameList=name_list)
    #
    #     with allure.step("验证web服务可以访问"):
    #         web_result = handle_api_call(network_api.check_http, host, username)
    #         assert web_result[0] == True, "web服务无法访问"
    #
    #     with allure.step("验证SSH可以访问"):
    #         ssh_result = handle_api_call(network_api.check_ssh_login, host, username, passwd)
    #         assert ssh_result[0] == True, "SSH服务无法访问"
    #
    #     with allure.step("验证SMB不可以访问"):
    #         smb_result = handle_api_call(network_api.check_smb_login, host, username, passwd)
    #         assert smb_result[0] == False, "SMB服务可以访问"
    #
    #     with allure.step("删除防火墙规则"):
    #         handle_api_call(network_api.del_firewall_rule, name_list)
    #
    # @pytest.mark.skip("待确认")
    # @allure.title("防火墙功能-规则都不符合时拒绝访问-允许网口1的SMB+UGOS端口")
    # def test_firewall_rule11(self, network_api):
    #     with allure.step("获取设置防火墙规则的参数"):
    #         smb_info = handle_api_call(network_api.application_info_by_service_name, 'SMB')
    #         ugos_info = handle_api_call(network_api.application_info_by_service_name, 'UGOS Pro')
    #         internal_servers = [smb_info.get('name'), ugos_info.get('name')]
    #         sections = [smb_info.get('section'), ugos_info.get('section')]
    #         ports = ",".join([smb_info.get('ports'), ugos_info.get('ports')])
    #
    #     with allure.step("设置防火墙规则"):
    #         request_data = {}
    #         name = Fake.fake_name()
    #         name_list = [{"id": 1, "name": f"防火墙配置{name}", "enable": 1}]
    #         default = 0
    #         port_info = {"type": "sys", "protocol": "", "target": "", "ports": "", "internal_servers": [],
    #                      "sections": []}
    #         host_info = {"type": "all", "src_ip": ""}
    #         port_info.update({"ports": ports, "internal_servers": internal_servers, "sections": sections})
    #         request_data.update(
    #             {"name": f"防火墙配置{name}", "default": default, "port_info": port_info, "host_info": host_info,
    #              "interface": "eth0", "label": 'LAN1'})
    #         handle_api_call(network_api.get_firewall_application, sections=sections)
    #         handle_api_call(network_api.add_firewall_rule, **request_data)
    #         handle_api_call(network_api.set_firewall, nameList=name_list)
    #
    #     with allure.step("验证web服务可以访问"):
    #         web_result = handle_api_call(network_api.check_http, host, username)
    #         assert web_result[0] == True, "web服务无法访问"
    #
    #     with allure.step("验证SMB可以访问"):
    #         smb_result = handle_api_call(network_api.check_smb_login, host, username, passwd)
    #         assert smb_result[0] == True, "SMB服务无法访问"
    #
    #     with allure.step("验证SSH不可以访问"):
    #         ssh_result = handle_api_call(network_api.check_ssh_login, host, username, passwd)
    #         assert ssh_result[0] == False, "SSH服务可以访问"
    #
    #     with allure.step("删除防火墙规则"):
    #         handle_api_call(network_api.del_firewall_rule, name_list)
    #
    # @pytest.mark.skip("待确认")
    # @allure.title("防火墙功能-规则都不符合时拒绝访问-允许网口1的Telnet+UGOS端口")
    # def test_firewall_ruler12(self, network_api):
    #     with allure.step("获取设置防火墙规则的参数"):
    #         Telnet_info = handle_api_call(network_api.application_info_by_service_name, 'Telnet')
    #         ugos_info = handle_api_call(network_api.application_info_by_service_name, 'UGOS Pro')
    #         internal_servers = [Telnet_info.get('name'), ugos_info.get('name')]
    #         sections = [Telnet_info.get('section'), ugos_info.get('section')]
    #         ports = ",".join([Telnet_info.get('ports'), ugos_info.get('ports')])
    #
    #     with allure.step("设置防火墙规则"):
    #         request_data = {}
    #         name = Fake.fake_name()
    #         name_list = [{"id": 1, "name": f"防火墙配置{name}", "enable": 1}]
    #         default = 0
    #         port_info = {"type": "sys", "protocol": "", "target": "", "ports": "", "internal_servers": [],
    #                      "sections": []}
    #         host_info = {"type": "all", "src_ip": ""}
    #         port_info.update({"ports": ports, "internal_servers": internal_servers, "sections": sections})
    #         request_data.update(
    #             {"name": f"防火墙配置{name}", "default": default, "port_info": port_info, "host_info": host_info,
    #              "interface": "eth0", "label": 'LAN1'})
    #         handle_api_call(network_api.add_firewall_rule, **request_data)
    #         handle_api_call(network_api.set_firewall, nameList=name_list)
    #
    #     with allure.step("验证web服务可以访问"):
    #         web_result = handle_api_call(network_api.check_http, host, username)
    #         assert web_result[0] == True, "web服务无法访问"
    #
    #     with allure.step("验证Telnet可以访问"):
    #         Telnet_result = handle_api_call(network_api.check_telnet_login, host, port=Telnet_info.get('ports'))
    #         assert Telnet_result[0] == True, "Telnet服务无法访问"
    #
    #     with allure.step("验证SSH不可以访问"):
    #         ssh_result = handle_api_call(network_api.check_ssh_login, host, username, passwd)
    #         assert ssh_result[0] == False, "SSH服务可以访问"
    #
    #     with allure.step("删除防火墙规则"):
    #         handle_api_call(network_api.del_firewall_rule, name_list)
    #
    # @pytest.mark.skip("待确认")
    # @allure.title("防火墙功能-规则都不符合时拒绝访问-允许网口1的FTP+UGOS端口")
    # def test_firewall_ruler13(self, network_api):
    #     with allure.step("获取设置防火墙规则的参数"):
    #         FTP_info = handle_api_call(network_api.application_info_by_service_name, 'FTP')
    #         ugos_info = handle_api_call(network_api.application_info_by_service_name, 'UGOS Pro')
    #         internal_servers = [FTP_info.get('name'), ugos_info.get('name')]
    #         sections = [FTP_info.get('section'), ugos_info.get('section')]
    #         ports = ",".join([FTP_info.get('ports'), ugos_info.get('ports')])
    #
    #     with allure.step("设置防火墙规则"):
    #         request_data = {}
    #         name = Fake.fake_name()
    #         name_list = [{"id": 1, "name": f"防火墙配置{name}", "enable": 1}]
    #         default = 0
    #         port_info = {"type": "sys", "protocol": "", "target": "", "ports": "", "internal_servers": [],
    #                      "sections": []}
    #         host_info = {"type": "all", "src_ip": ""}
    #         port_info.update({"ports": ports, "internal_servers": internal_servers, "sections": sections})
    #         request_data.update(
    #             {"name": f"防火墙配置{name}", "default": default, "port_info": port_info, "host_info": host_info,
    #              "interface": "eth0", "label": 'LAN1'})
    #         handle_api_call(network_api.add_firewall_rule, **request_data)
    #         handle_api_call(network_api.set_firewall, nameList=name_list)
    #
    #     with allure.step("验证web服务可以访问"):
    #         web_result = handle_api_call(network_api.check_http, host, username)
    #         assert web_result[0] == True, "web服务无法访问"
    #
    #     with allure.step("验证Telnet可以访问"):
    #         port = int(FTP_info.get('ports').split(',')[0])
    #         FTP_result = handle_api_call(network_api.check_ftp_login, host, username=username, password=passwd,
    #                                      port=port)
    #         assert FTP_result[0] == True, "FTP服务无法访问"
    #
    #     with allure.step("验证SSH不可以访问"):
    #         ssh_result = handle_api_call(network_api.check_ssh_login, host, username, passwd)
    #         assert ssh_result[0] == False, "SSH服务可以访问"
    #
    #     with allure.step("删除防火墙规则"):
    #         handle_api_call(network_api.del_firewall_rule, name_list)
    #
    # @pytest.mark.skip("待确认")
    # @allure.title("防火墙功能-规则都不符合时拒绝访问-允许网口1的WebDAV+UGOS端口")
    # def test_firewall_ruler14(self, network_api):
    #     with allure.step("获取设置防火墙规则的参数"):
    #         WebDAV_info = handle_api_call(network_api.application_info_by_service_name, 'WebDAV')
    #         ugos_info = handle_api_call(network_api.application_info_by_service_name, 'UGOS Pro')
    #         internal_servers = [WebDAV_info.get('name'), ugos_info.get('name')]
    #         sections = [WebDAV_info.get('section'), ugos_info.get('section')]
    #         ports = ",".join([WebDAV_info.get('ports'), ugos_info.get('ports')])
    #
    #     with allure.step("设置防火墙规则"):
    #         request_data = {}
    #         name = Fake.fake_name()
    #         name_list = [{"id": 1, "name": f"防火墙配置{name}", "enable": 1}]
    #         default = 0
    #         port_info = {"type": "sys", "protocol": "", "target": "", "ports": "", "internal_servers": [],
    #                      "sections": []}
    #         host_info = {"type": "all", "src_ip": ""}
    #         port_info.update({"ports": ports, "internal_servers": internal_servers, "sections": sections})
    #         request_data.update(
    #             {"name": f"防火墙配置{name}", "default": default, "port_info": port_info, "host_info": host_info,
    #              "interface": "eth0", "label": 'LAN1'})
    #         handle_api_call(network_api.add_firewall_rule, **request_data)
    #         handle_api_call(network_api.set_firewall, nameList=name_list)
    #
    #     with allure.step("验证web服务可以访问"):
    #         web_result = handle_api_call(network_api.check_http, host, username)
    #         assert web_result[0] == True, "web服务无法访问"
    #
    #     with allure.step("验证WebDAV可以访问"):
    #         port = WebDAV_info.get('ports').split(',')[0]
    #         WebDAV_result = handle_api_call(network_api.check_webdav_access, host, username=username, password=passwd,
    #                                         port=port)
    #         assert WebDAV_result[0] == True, "webdav服务无法访问"
    #
    #     with allure.step("验证SSH不可以访问"):
    #         ssh_result = handle_api_call(network_api.check_ssh_login, host, username, passwd)
    #         assert ssh_result[0] == False, "SSH服务可以访问"
    #
    #     with allure.step("删除防火墙规则"):
    #         handle_api_call(network_api.del_firewall_rule, name_list)
    #
    # @pytest.mark.skip("待确认")
    # @allure.title("防火墙功能-规则都不符合时拒绝访问-允许网口1的rsync+UGOS端口")
    # def test_firewall_ruler15(self, network_api):
    #     with allure.step("获取设置防火墙规则的参数"):
    #         rsync_info = handle_api_call(network_api.application_info_by_service_name, 'rsync')
    #         ugos_info = handle_api_call(network_api.application_info_by_service_name, 'UGOS Pro')
    #         internal_servers = [rsync_info.get('name'), ugos_info.get('name')]
    #         sections = [rsync_info.get('section'), ugos_info.get('section')]
    #         ports = ",".join([rsync_info.get('ports'), ugos_info.get('ports')])
    #
    #     with allure.step("设置防火墙规则"):
    #         request_data = {}
    #         name = Fake.fake_name()
    #         name_list = [{"id": 1, "name": f"防火墙配置{name}", "enable": 1}]
    #         default = 0
    #         port_info = {"type": "sys", "protocol": "", "target": "", "ports": "", "internal_servers": [],
    #                      "sections": []}
    #         host_info = {"type": "all", "src_ip": ""}
    #         port_info.update({"ports": ports, "internal_servers": internal_servers, "sections": sections})
    #         request_data.update(
    #             {"name": f"防火墙配置{name}", "default": default, "port_info": port_info, "host_info": host_info,
    #              "interface": "eth0", "label": 'LAN1'})
    #         handle_api_call(network_api.add_firewall_rule, **request_data)
    #         handle_api_call(network_api.set_firewall, nameList=name_list)
    #
    #     with allure.step("验证web服务可以访问"):
    #         web_result = handle_api_call(network_api.check_http, host, username)
    #         assert web_result[0] == True, "web服务无法访问"
    #
    #     with allure.step("验证WebDAV可以访问"):
    #         port = rsync_info.get('ports')
    #         rsync_result = handle_api_call(network_api.check_rsync_access, host, username=username, password=passwd,
    #                                        port=port)
    #         assert rsync_result[0] == True, "rsync服务无法访问"
    #
    #     with allure.step("验证SSH不可以访问"):
    #         ssh_result = handle_api_call(network_api.check_ssh_login, host, username, passwd)
    #         assert ssh_result[0] == False, "SSH服务可以访问"
    #
    #     with allure.step("删除防火墙规则"):
    #         handle_api_call(network_api.del_firewall_rule, name_list)

    @allure.title("防火墙功能-规则都不符合时允许访问-拒绝UGOS以外的所有端口")
    def test_firewall_ruler18(self, network_api):
        with allure.step("获取设置防火墙规则的参数"):
            rsync_info = handle_api_call(network_api.application_info_by_service_name, 'rsync')
            SMB_info = handle_api_call(network_api.application_info_by_service_name, 'SMB')
            WebDAV_info = handle_api_call(network_api.application_info_by_service_name, 'WebDAV')
            wsdd2_info = handle_api_call(network_api.application_info_by_service_name, 'wsdd2')
            SSH_info = handle_api_call(network_api.application_info_by_service_name, 'SSH')
            Telnet_info = handle_api_call(network_api.application_info_by_service_name, 'Telnet')
            FTP_info = handle_api_call(network_api.application_info_by_service_name, 'FTP')
            NFS_info = handle_api_call(network_api.application_info_by_service_name, 'NFS')
            internal_servers = [rsync_info.get('name'), SMB_info.get('name'),WebDAV_info.get('name'),wsdd2_info.get('name'),SSH_info.get('name'),Telnet_info.get('name'),FTP_info.get('name'),NFS_info.get('name')]
            sections = [rsync_info.get('section'), SMB_info.get('section'),WebDAV_info.get('section'),wsdd2_info.get('section'),SSH_info.get('section'),Telnet_info.get('section'),FTP_info.get('section'),NFS_info.get('section')]
            ports_list = [rsync_info.get('ports'), SMB_info.get('ports'),WebDAV_info.get('ports'),wsdd2_info.get('ports'),SSH_info.get('ports'),Telnet_info.get('ports'),FTP_info.get('ports'),NFS_info.get('ports')]
            ports = ",".join(ports_list)

        with allure.step("设置防火墙规则"):
            request_data = {}
            name = Fake.fake_name()
            name_list = [{"id": 1, "name": f"防火墙配置{name}", "enable": 1}]
            default = 1
            permit = 0 # 0表示拒绝
            port_info = {"type": "sys", "protocol": "", "target": "", "ports": "", "internal_servers": [],
                         "sections": []}
            host_info = {"type": "all", "src_ip": ""}
            port_info.update({"ports": ports, "internal_servers": internal_servers, "sections": sections})
            request_data.update(
                {"name": f"防火墙配置{name}", "default": default,"permit":permit, "port_info": port_info, "host_info": host_info})
            handle_api_call(network_api.add_firewall_rule, **request_data)
            handle_api_call(network_api.set_firewall, nameList=name_list)

        with allure.step("验证web服务可以访问"):
            web_result = handle_api_call(network_api.check_http, host, username)
            assert web_result[0] == True, "web服务无法访问"

        with allure.step("验证SSH不可以访问"):
            ssh_result = handle_api_call(network_api.check_ssh_login, host, username, passwd)
            assert ssh_result[0] == False, "SSH服务可以访问"

        with allure.step("删除防火墙规则"):
            handle_api_call(network_api.del_firewall_rule, name_list)

    # 定义一个参数化的测试用例
    @pytest.mark.parametrize("service_name, check_function", [
        ("SSH", "check_ssh_login",),
        ("SMB", "check_smb_login"),
        ("Telnet", "check_telnet_login"),
        ('FTP',"check_ftp_login"),
        ('WebDAV',"check_webdav_access"),
        ('rsync',"check_rsync_access"),
        ('wsdd2',"check_wsdd2_access")
    ])
    @allure.title("防火墙功能-规则都不符合时允许访问-拒绝{service_name}服务端口")
    def test_firewall_rule_lan(self,network_api, service_name, check_function):
        with allure.step("获取设置防火墙规则的参数"):
            service_info = handle_api_call(network_api.application_info_by_service_name, service_name)
            internal_servers = [service_info.get('name')]
            sections = [service_info.get('section')]
            ports_list = [service_info.get('ports')]
            ports = ",".join(ports_list)

        with allure.step("设置防火墙规则"):
            request_data = {}
            name = Fake.generate_english_username()
            name_list = [{"id": 1, "name": f"防火墙配置{name}", "enable": 1}]
            default = 1
            permit = 0  # 0 表示拒绝
            port_info = {"type": "sys","protocol": "","target": "",
                "ports": ports,
                "internal_servers": internal_servers,
                "sections": sections
            }
            host_info = {"type": "all", "src_ip": ""}
            request_data.update({
                "name": f"防火墙配置{name}",
                "default": default,
                "permit": permit,
                "port_info": port_info,
                "host_info": host_info
            })
            handle_api_call(network_api.add_firewall_rule, **request_data)
            handle_api_call(network_api.set_firewall, nameList=name_list)

        with allure.step("验证 web 服务可以访问"):
            web_result = handle_api_call(network_api.check_http, host, username)
            assert web_result[0] == True, "web 服务无法访问"

        with allure.step(f"验证{service_name}不可以访问"):
            if service_name == "Telnet" or service_name == 'wsdd2':
                port = service_info.get('ports').split(',')[0]
                result = handle_api_call(getattr(network_api, check_function), host, port=port)
            else:
                result = handle_api_call(getattr(network_api, check_function), host, username, passwd)
            assert result[0] == False, f"{service_name}服务可以访问"

        with allure.step("删除防火墙规则"):
            handle_api_call(network_api.del_firewall_rule, name_list)


    @pytest.mark.parametrize("service_name, check_function,interface,label", [
        ("SSH", "check_ssh_login","eth0","LAN1"),
        ("SMB", "check_smb_login","eth0","LAN1"),
        ("Telnet", "check_telnet_login","eth0","LAN1"),
        ('FTP', "check_ftp_login","eth0","LAN1"),
        ('WebDAV', "check_webdav_access","eth0","LAN1"),
        ('rsync', "check_rsync_access","eth0","LAN1"),
        ('wsdd2', "check_wsdd2_access","eth0","LAN1"),
        ("SSH", "check_ssh_login","eth1", "LAN2"),
        ("SMB", "check_smb_login","eth1", "LAN2"),
        ("Telnet", "check_telnet_login","eth1", "LAN2"),
        ('FTP', "check_ftp_login","eth1", "LAN2"),
        ('WebDAV', "check_webdav_access","eth1", "LAN2"),
        ('rsync', "check_rsync_access","eth1", "LAN2"),
        ('wsdd2', "check_wsdd2_access","eth1", "LAN2")
    ])
    @allure.title("防火墙功能-规则都不符合时允许访问-网口{interface}拒绝{service_name}服务端口")
    def test_firewall_rule_single_lan(self, network_api, service_name, check_function, interface, label):
        with allure.step("获取设置防火墙规则的参数"):
            service_info = handle_api_call(network_api.application_info_by_service_name, service_name)
            internal_servers = [service_info.get('name')]
            sections = [service_info.get('section')]
            ports_list = [service_info.get('ports')]
            ports = ",".join(ports_list)

        with allure.step("设置防火墙规则"):
            request_data = {}
            name = Fake.generate_english_username()
            name_list = [{"id": 1, "name": f"防火墙配置{name}", "enable": 1}]
            default = 1
            permit = 0  # 0 表示拒绝
            port_info = {"type": "sys", "protocol": "", "target": "",
                         "ports": ports,
                         "internal_servers": internal_servers,
                         "sections": sections
                         }
            host_info = {"type": "all", "src_ip": ""}
            request_data.update({
                "name": f"防火墙配置{name}",
                "default": default,
                "permit": permit,
                "port_info": port_info,
                "host_info": host_info,
                "interface": interface,
                "label": label
            })
            handle_api_call(network_api.add_firewall_rule, **request_data)
            handle_api_call(network_api.set_firewall, nameList=name_list)

        with allure.step("验证 web 服务可以访问"):
            web_result = handle_api_call(network_api.check_http, host, username)
            assert web_result[0] == True, "web 服务无法访问"

        with allure.step(f"验证{service_name}不可以访问"):
            if service_name == "Telnet" or service_name == 'wsdd2':
                port = service_info.get('ports').split(',')[0]
                result = handle_api_call(getattr(network_api, check_function), host, port=port)
            else:
                result = handle_api_call(getattr(network_api, check_function), host, username, passwd)
            assert result[0] == False, f"{service_name}服务可以访问"

        with allure.step("删除防火墙规则"):
            handle_api_call(network_api.del_firewall_rule, name_list)